OpenSCAP / website

Tracker for new OpenSCAP portal

Create logotypes for "DISA STIG", "FedRAMP", "FISMA", "PCI-DSS", and "USGCB" standards on "Security Compliance" page #115

Closed iankko closed 9 years ago

iankko commented 9 years ago

The Home > Features > Security Compliance page currently contains selected representatives of official security standards / benchmarks ("DISA STIG", "FedRAMP", "FISMA", "PCI-DSS", and "USGCB").

From further research (due to various reasons):

[1] http://blog.ntt-security.com/how-to-show-to-the-world-that-you-are-pci-dss-compliant-and-validated
[2] http://www.maravis.com/logo-for-pci-compliance/

it is not possible to display e.g. PCI-DSS logo on custom websites (more from [1]:

> Many organizations believe that they can simply download the PCI DSS Logo from the PCI SSC
> website and embed it in their website but unfortunately, it is not that easy. The merchants and
> payment service providers do not hold any right to the use of the PCI DSS logo.

and from [2]:

> The PCI SSC is a standards-setting body, and makes no determination as to any individual
> organizational compliance status. The use of such unauthorized logos not only creates confusion in
> the marketplace by mistakenly implying recognition of a compliance status, or the endorsement of,
> an organization by the Council, but also the use of these logo variations constitutes an infringement
> of the Council’s trademark and copyright rights, and the PCI SSC is obligated to enforce its
> intellectual property rights in order to further the organization’s mission and objective.

)

Since the above implies it won't be possible to use e.g. the PCI-DSS logo on the portal website, we should create some logotypes (rather than having the current form of links) so the layout of the page as a whole looks better.

Thank you for consideration, Jan.

isimluk commented 9 years ago

Please include NIAP in the list. NIAP is involved in RHEL7/OSPP, so that becomes important.

lhorakov commented 9 years ago

Done

iankko commented 9 years ago

@isimluk

> Please include NIAP in the list. NIAP is involved in RHEL7/OSPP, so that becomes important.

Thanks, good point. Do we want to include just "NIAP" or "NIAP OSPP" as the link name? (I have included just "NIAP" pointing to https://www.niap-ccevs.org/pp/PP_OS_v4.0/ for now).

iankko commented 9 years ago

@lhorakov

> Done

Thanks! They look great IMHO. We will need to create yet another one for NIAP. But first we need to reach an agreement on whether we want "NIAP" or "NIAP OSPP".

lhorakov commented 9 years ago

Done